author | Luke Leighton <lkcl@samba.org> | 1999-11-16 15:39:09 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-11-16 15:39:09 +0000 |
commit | 774d2d73666b7deca79ae90dd10397e2e1f8e6d9 (patch) | |
tree | ff5e62b979d5f22d660656909d79b1df525325ae | |
parent | 8a84d000c96fe4487adba5df0f50fa6e8fb27c24 (diff) | |
Shirish Kalele <kalele@veritas.com> noticed that NT workstations are
sending anonymous NTLMSSP user credentials to set up \PIPE\samr.
Added support for anonymous NTLMSSP sessions.
(This used to be commit df5ee2bd427ccd5fcf27fd3c366e06e037bc4f1e)
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 69 |
1 files changed, 51 insertions, 18 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1073ba2179..c6d9cf070e 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -207,14 +207,23 @@ BOOL create_rpc_reply(pipes_struct *p,
 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 {
+ uchar *pwd = NULL;
+ uchar null_pwd[16];
 uchar lm_owf[24];
 uchar nt_owf[128];
 size_t lm_owf_len;
 size_t nt_owf_len;
+ size_t usr_len;
+ size_t dom_len;
+ size_t wks_len;
+ BOOL anonymous = False;
+ struct smb_passwd *smb_pass = NULL;
 user_struct *vuser = get_valid_user_struct(p->vuid);
+ memset(null_pwd, 0, sizeof(null_pwd));
+
 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
 if (vuser == NULL)
@@ -225,13 +234,23 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 lm_owf_len = p->ntlmssp_resp.hdr_lm_resp.str_str_len;
 nt_owf_len = p->ntlmssp_resp.hdr_nt_resp.str_str_len;
+ usr_len = p->ntlmssp_resp.hdr_usr .str_str_len;
+ dom_len = p->ntlmssp_resp.hdr_domain .str_str_len;
+ wks_len = p->ntlmssp_resp.hdr_wks .str_str_len;
-
- if (lm_owf_len == 0) return False;
- if (nt_owf_len == 0) return False;
- if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
- if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
- if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+ if (lm_owf_len == 0 && nt_owf_len == 0 &&
+ usr_len == 0 && dom_len == 0 && wks_len == 0)
+ {
+ anonymous = True;
+ }
+ else
+ {
+ if (lm_owf_len == 0) return False;
+ if (nt_owf_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+ }
 if (lm_owf_len > sizeof(lm_owf)) return False;
 if (nt_owf_len > sizeof(nt_owf)) return False;
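Review bot: The else branch of the second hunk still reads `p->ntlmssp_resp.hdr_usr .str_str_len`, `hdr_domain` and `hdr_wks` directly although usr_len, dom_len and wks_len were captured a few lines above for exactly this comparison; the three checks would read `if (usr_len == 0) return False;`, `if (dom_len == 0) return False;` and `if (wks_len == 0) return False;`. A one-line comment on the five-way test, `/* every NTLMSSP field empty: treat as an anonymous session */`, would make the intent of the new branch visible without reading the commit message. api_pipe_ntlmssp_verify continues past the hunk.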
@@ -269,21 +288,36 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 fstrcpy(p->wks , p->ntlmssp_resp.wks );
 }
- DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
- become_root(True);
- p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
- (uchar*)p->ntlmssp_chal.challenge,
- lm_owf, lm_owf_len,
- nt_owf, nt_owf_len,
- NULL, vuser->dc.user_sess_key);
- smb_pass = getsmbpwnam(p->user_name);
- unbecome_root(True);
+ if (anonymous)
+ {
+ DEBUG(5,("anonymous user session\n"));
+ mdfour(vuser->dc.user_sess_key, null_pwd, 16);
+ pwd = null_pwd;
+ p->ntlmssp_validated = True;
+ }
+ else
+ {
+ DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
+ become_root(True);
+ p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
+ (uchar*)p->ntlmssp_chal.challenge,
+ lm_owf, lm_owf_len,
+ nt_owf, nt_owf_len,
+ NULL, vuser->dc.user_sess_key);
+ smb_pass = getsmbpwnam(p->user_name);
+ unbecome_root(True);
+
+ if (smb_pass != NULL)
+ {
+ pwd = smb_pass->smb_passwd;
+ }
+ }
- if (p->ntlmssp_validated && smb_pass != NULL && smb_pass->smb_passwd)
+ if (p->ntlmssp_validated && pwd != NULL)
 {
 uchar p24[24];
- NTLMSSPOWFencrypt(smb_pass->smb_passwd, lm_owf, p24);
+ NTLMSSPOWFencrypt(pwd, lm_owf, p24);
 {
 unsigned char j = 0;
 int ind;
@@ -314,7 +348,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 p->ntlmssp_hash[256] = 0;
 p->ntlmssp_hash[257] = 0;
 }
-/* NTLMSSPhash(p->ntlmssp_hash, p24); */
 p->ntlmssp_seq_num = 0;
 }
 else
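Review bot: The anonymous branch sets `p->ntlmssp_validated = True` while the only record that no credentials were checked is the local `anonymous`, which is gone once the function returns, so later code that gates access on ntlmssp_validated cannot distinguish an anonymous pipe from one that passed pass_check_smb. Unless the pipe state already carries this elsewhere (not visible in the hunk), the outcome should be stored on pipes_struct next to ntlmssp_validated, or at minimum marked where it is set: `/* anonymous: marked validated although no password was checked; callers must not treat this pipe as an authenticated user */`. The same comment should note that the session key is mdfour() of sixteen zero bytes and the NTLMSSPOWFencrypt key is null_pwd, both fixed values any client can compute, so signing or sealing on an anonymous pipe protects nothing against a third party. The final hunk only deletes a commented-out call, and api_pipe_ntlmssp_verify continues past the hunk.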